On or about October 31, 2022, the Organization became aware that various online services were targets of unauthorized access. An investigation found multiple occurrences between October 29 and December 22, 2022, where one or more threat actor(s) attempted to – or successfully – accessed personal information via unauthorized API calls and a credential stuffing attack. With respect to the credential stuffing attack, the Organization believes threat actor(s) obtained and used compromised credentials from “a third-party website breach, phishing attack or password dump.”

File Type: pdf
File Size: 749 KB
Categories: 2023